Content written for

Small & medium business
Large organisations & infrastructure

IRAP Assessors are ASD-certified ICT professionals from across Australia who have the necessary experience and qualifications in ICT, security assessment and risk management, and a detailed knowledge of ASD's Information Security Manual.

Individuals can apply to become IRAP Assessors if they can:

  • demonstrate Australian citizenship

  • demonstrate a minimum of five years of technical ICT experience with at least two years of information security experience on systems using the Information Security Manual (ISM) and supporting publications

  • show evidence of relevant ICT and auditing qualifications, one from Category A and one from Category B

  • complete an IRAP new starter training course through an ASD approved IRAP training provider, and

  • undertake the ASD new starter examination.

Category A

Category B

When ASD has confirmed that the above requirements have been met, the individual can:

  • attain a minimum NV1 security clearance (ASD will sponsor this if necessary), and

  • submit a conflict of interest declaration, and

  • submit a confidentiality deed.

If the candidate successfully meets all of the above criteria they are added to the list of registered IRAP Assessors.

In accordance with the IRAP Policy and Procedures, IRAP Assessors maintain their skills by:

  • maintaining IRAP prerequisite qualifications in ICT and auditing disciplines

  • Annually, demonstrate maintenance of ISM and IRAP assessment knowledge through completion of either:

    • Submission of an IRAP assessment report - identifying assessments completed within the previous 12 months, OR

    • IRAP examination.

  • attending ASD-endorsed workshops, forums and conferences, and

  • participating in information-sharing activities across the IRAP and information security communities.

IRAP Assessors make a valuable contribution to Australia's national security objectives by assisting government agencies to improve their security posture by providing ICT security advice and assessment services.

Apply to become an IRAP assessor

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it